Latest Adobe Vulnerabilities

Stored admin XSS via PayPal authentication certificate
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Force high-usage of resources by generating unlimited coupons: Adobe Commerce
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
[Spain] CSRF to delete Requisition Lists at Adobe Commerce
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
[Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Command injection in data collector backup due to insufficient patching of CVE-2023-38208
Adobe Commerce=2.4.4
Adobe Commerce=2.4.4-p1
Adobe Commerce=2.4.4-p2
Adobe Commerce=2.4.4-p3
Adobe Commerce=2.4.4-p4
Adobe Commerce=2.4.4-p5
and 11 more
Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability II
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability III
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 Buffer Overflow Vulnerability
Adobe Substance 3D Painter<=9.1.1
Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability I
Adobe Substance 3D Painter<=9.1.1
Reflected XSS in `libs/cq/gui/components/siteadmin/admin/createlanguagecopywizard/clientlibs/createlanguagecopy/js/createlanguagecopy.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in forms via advanced CSS styles configuration, triggers when a user edits the styles
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Microsoft Edge<120.0.2210.133
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based)<=120.0.2210.91
Microsoft Edge<120.0.2210.133
New Edge T5 MSRC Case [DCMSFT-1081]
Microsoft Edge<120.0.2210.133
Microsoft Edge (Chromium-based)
Microsoft Edge (Chromium-based)<=120.0.2210.91
Microsoft Edge<120.0.2210.133
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Stored XSS in `libs/cq/gui/components/projects/admin/translation/job/addcontent/clientlibs/js/addcontent.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Cloud XSS - /libs/wcm/core/content/sites/createsitefromstarterkitwizard.html
Adobe Experience Manager<=6.5.18
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/toggleable/control.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Admin Account Takeover using Stored XSS
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `/libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/granite/collection/create.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
AMS XSS - /libs/dam/gui/coral/components/admin/folderschemaforms/formbuilder/formfields/v2/dropdownfield (encoded HTML attributes without quotes)
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager<2023.11.0
Stored XSS in `libs/granite/ui/components/coral/foundation/clientlibs/foundation/js/collection/selectall/selectall.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS on `https://author-bugbounty-65-prod.adobecqms.net/` via Adaptive form fragment `title` input and triggered at Create Language Copy
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/workflow/admin/console/components/clientlibs/js/action/workflow.editModel.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
AMS XSS - /libs/fd/foundation/gui/content/migration/status.html
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Reflected XSS in libs/cq/gui/components/projects/admin/clientlibs/forms/js/form.response.openprompt.js
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
AMS XSS - /libs/fd/af/layouts/panel/verticalTabbedPanelLayout/defaultNavigatorLayout.jsp
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `libs/cq/personalization/touch-ui/clientlibs/activities/activities.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS in libs/dam/gui/components/admin/collections/collectionsettings/clientlibs/collectionsettings/js/collectionsettings.js
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `/libs/cq/gui/components/workflow/editor/clientlibs/workflow/init/js/init.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in libs/cq/gui/components/projects/admin/clientlibs/projects/js/projects.js via window.location
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/granite/cloudsettings/components/clientlibs/js/edit.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `libs/clientlibs/social/enablement/core/jquery.buttonEnabler.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Servlet - /bin/wcm/contentfinder/asset/view?itemResourceType allows users to execute internal AEM code
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager
Stored XSS in `libs/cq/gui/components/common/admin/navigationpanel/clientlibs/navigationpanel/js/activator.click.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
DOM XSS in `/libs/fd/fm/gui/components/admin/assetreview/startreviewwizard/clientlibs/startreviewwizard/js/startreviewwizard.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
DOM XSS in `/libs/cq/gui/components/siteadmin/admin/properties/localacl/localacllistitem/clientlibs/js/permissions.js`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS in `/libs/cq/workflow/gui/components/inbox/actions/clientlibs/showdetails/showdetails.js`
Adobe Experience Manager<=6.5.18.0
Adobe Experience Manager Cloud Service<2023.11
Stored XSS at `https://author-bugbounty-65-prod.adobecqms.net/libs/fd/fm/base/content/moveasset/moveassetwizard.html/*`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager
Stored XSS at `https://author-bugbounty-65-prod.adobecqms.net/etc/cloudservices/testandtarget/*`
Adobe Experience Manager<=6.5.18
Adobe Experience Manager

© 2024 SecAlerts Pty Ltd.